<head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
<title>kali工具箱</title>
<script src="./static/bootstrap.min.js"></script>
<link rel="stylesheet" href="./static/main.css">
<link rel="stylesheet" href="./static/bootstrap.min.css">
<style type="text/css" id="syntaxhighlighteranchor"></style>
</head>
<main class="main-container ng-scope" ng-view="">
<div class="main receptacle post-view ng-scope">
<article class="entry ng-scope" ng-controller="EntryCtrl" ui-lightbox="">
<section class="entry-content ng-binding" ng-bind-html="postContentTrustedHtml">
<section class="l-section"><div class="l-section-h i-cf"><h2>unix-privesc-check Package Description</h2>
<p style="text-align: justify;">Unix-privesc-checker is a script that runs on Unix systems (tested on Solaris 9, HPUX 11, Various Linuxes, FreeBSD 6.2). It tries to find misconfigurations that could allow local unprivileged users to escalate privileges to other users or to access local apps (e.g. databases). It is written as a single shell script so it can be easily uploaded and run (as opposed to un-tarred, compiled and installed). It can run either as a normal user or as root (obviously it does a better job when running as root because it can read more files).</p>
<p>Source: http://pentestmonkey.net/tools/audit/unix-privesc-check<br>
<a href="http://pentestmonkey.net/tools/audit/unix-privesc-check" variation="deepblue" target="blank">unix-privesc-check Homepage</a>| <a href="http://git.kali.org/gitweb/?p=packages/unix-privesc-check.git;a=summary" variation="deepblue" target="blank">Kali unix-privesc-check Repo</a></p>
<ul>
<li>Author: pentestmonkey</li>
<li>License: GPLv2</li>
</ul>
<h3>Tools included in the unix-privesc-check package</h3>
<h5>unix-privesc-check – Script to check for simple privilege escalation vectors</h5>
<code><a class="__cf_email__" href="/cdn-cgi/l/email-protection" data-cfemail="c8baa7a7bc88a3a9a4a1">[email&#160;protected]</a><script data-cfhash='f9e31' type="text/javascript">/* <![CDATA[ */!function(t,e,r,n,c,a,p){try{t=document.currentScript||function(){for(t=document.getElementsByTagName('script'),e=t.length;e--;)if(t[e].getAttribute('data-cfhash'))return t[e]}();if(t&&(c=t.previousSibling)){p=t.parentNode;if(a=c.getAttribute('data-cfemail')){for(e='',r='0x'+a.substr(0,2)|0,n=2;a.length-n;n+=2)e+='%'+('0'+('0x'+a.substr(n,2)^r).toString(16)).slice(-2);p.replaceChild(document.createTextNode(decodeURIComponent(e)),c)}p.removeChild(t)}}catch(u){}}()/* ]]> */</script>:~# unix-privesc-check<br>
unix-privesc-check v1.4 ( http://pentestmonkey.net/tools/unix-privesc-check )<br>
<br>
Usage: unix-privesc-check { standard | detailed }<br>
<br>
"standard" mode: Speed-optimised check of lots of security settings.<br>
<br>
"detailed" mode: Same as standard mode, but also checks perms of open file<br>
                 handles and called files (e.g. parsed from shell scripts,<br>
                 linked .so files).  This mode is slow and prone to false<br>
                 positives but might help you find more subtle flaws in 3rd<br>
                 party programs.<br>
<br>
This script checks file permissions and other settings that could allow<br>
local users to escalate privileges.<br>
<br>
Use of this script is only permitted on systems which you have been granted<br>
legal permission to perform a security assessment of.  Apart from this<br>
condition the GPL v2 applies.<br>
<br>
Search the output for the word 'WARNING'.  If you don't see it then this<br>
script didn't find any problems.</code>
<h3>unix-privesc-check Usage Example</h3>
<code><a class="__cf_email__" href="/cdn-cgi/l/email-protection" data-cfemail="2b5944445f6b404a4742">[email&#160;protected]</a><script data-cfhash='f9e31' type="text/javascript">/* <![CDATA[ */!function(t,e,r,n,c,a,p){try{t=document.currentScript||function(){for(t=document.getElementsByTagName('script'),e=t.length;e--;)if(t[e].getAttribute('data-cfhash'))return t[e]}();if(t&&(c=t.previousSibling)){p=t.parentNode;if(a=c.getAttribute('data-cfemail')){for(e='',r='0x'+a.substr(0,2)|0,n=2;a.length-n;n+=2)e+='%'+('0'+('0x'+a.substr(n,2)^r).toString(16)).slice(-2);p.replaceChild(document.createTextNode(decodeURIComponent(e)),c)}p.removeChild(t)}}catch(u){}}()/* ]]> */</script>:~# unix-privesc-check standard<br>
Assuming the OS is: linux<br>
Starting unix-privesc-check v1.4 ( http://pentestmonkey.net/tools/unix-privesc-check )<br>
<br>
This script checks file permissions and other settings that could allow<br>
local users to escalate privileges.<br>
<br>
Use of this script is only permitted on systems which you have been granted<br>
legal permission to perform a security assessment of.  Apart from this <br>
condition the GPL v2 applies.<br>
<br>
Search the output below for the word 'WARNING'.  If you don't see it then<br>
this script didn't find any problems.<br>
<br>
<br>
############################################<br>
Recording hostname<br>
############################################<br>
kali<br>
<br>
############################################<br>
Recording uname<br>
############################################<br>
Linux kali 3.12-kali1-amd64 #1 SMP Debian 3.12.9-1kali1 (2014-05-13) x86_64 GNU/Linux<br>
<br>
############################################<br>
Recording Interface IP addresses</code>
</div></section><div style="display:none">
<script src="//s11.cnzz.com/z_stat.php?id=1260038378&web_id=1260038378" language="JavaScript"></script>
</div>
</main></body></html>
